[JENKINS-3404] mix LDAP and local Hudson users - Jenkins Jira

Details

Type: Improvement
Status: Open (View Workflow)
Priority: Trivial
Resolution: Unresolved
Component/s: _unsorted, ldap-plugin
Labels:
None
Environment:
Platform: All, OS: All

Similar Issues:

Show

Description

Would it be possible to add the following feature: have users in both LDAP and
the the local Hudson database?

We currently have most of our users in LDAP, but a few are not in AD (student
employees, people in other OUs). For these users, we would like to add them as
local Hudson users, while maintaining the LDAP users. Basically, we want to mix
the two: LDAP and local Hudson users. Thanks in advance.

Also, the subcomponent for this issue is not correct; but it wouldn't let me
submit this without choosing one. Sorry!

Attachments

Issue Links

duplicates

JENKINS-39065 Active Directory should support Jenkins Internal Database to allow login under AD connectivity issues

Resolved

is duplicated by

JENKINS-29162 Jenkins internal user in order to be able to log-in under an authentication failure with LDAP AD, ...

Open

Activity

Descending order - Click to sort in ascending order

Loren Alatan added a comment - 2022-02-18 06:20

Tried updating Active Directory plugin to 2.25.1 from 2.25 but it became worse. LDAP users and groups are not working anymore.

Loren Alatan added a comment - 2022-02-18 06:20 Tried updating Active Directory plugin to 2.25.1 from 2.25 but it became worse. LDAP users and groups are not working anymore.

Loren Alatan added a comment - 2022-02-04 06:39

Hi promissing I tried installing the https://github.com/wenjunxiao/mixing-security-realm-plugin plugin. It kind of works having ldap users and a local jenkins user at the same time but ldap groups were not allowed. Are you aware of this issue?
Thank you very much.

Loren Alatan added a comment - 2022-02-04 06:39 Hi promissing I tried installing the https://github.com/wenjunxiao/mixing-security-realm-plugin plugin. It kind of works having ldap users and a local jenkins user at the same time but ldap groups were not allowed. Are you aware of this issue? Thank you very much.

hz hz added a comment - 2021-10-18 05:41 - edited

java.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealmjava.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:683)Caused: java.lang.IllegalArgumentException: Failed to instantiate class hudson.security.LDAPSecurityRealm from {"value":"3","stapler-class":"hudson.security.MixingSecurityRealm","$class":"hudson.security.MixingSecurityRealm","allowsSignup":false,"priority":true,"optional":[{"$enabled":false,"$id":"hudson.security.SecurityRealm$None"},{"$enabled":false,"$id":"hudson.security.PAMSecurityRealm","serviceName":""},{"$enabled":true,"$id":"hudson.security.LDAPSecurityRealm","configurations":{"server":"ldap://www.example.com","rootDN":"dc=example,dc=com","inhibitInferRootDN":false,"userSearchBase":"OU=User Accounts","userSearch":"userPrincipalName={0}","groupSearchBase":"OU=Groups","groupSearchFilter":"(objectClass=group)","groupMembershipStrategy":{"value":"0","attributeName":"memberOf","stapler-class&lt;span class="code-quote">":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy","$class&lt;span class="code-quote">":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy"},"managerDN":"CN=ci-build-onprembuild,OU=Service Accounts,OU=User Accounts,DC=example,DC=com","managerPasswordSecret":"[value redacted]","$redact":"managerPasswordSecret","displayNameAttributeName":"displayname","mailAddressAttributeName":"mail","ignoreIfUnavailable":false},"":["0","0"],"userIdStrategy":{"stapler-class&lt;span class="code-quote">":"jenkins.model.IdStrategy$CaseInsensitive","$class&lt;span class="code-quote">":"jenkins.model.IdStrategy$CaseInsensitive"},"groupIdStrategy":{"stapler-class&lt;span class="code-quote">":"jenkins.model.IdStrategy$CaseInsensitive","$class&lt;span class="code-quote">":"jenkins.model.IdStrategy$CaseInsensitive"},"disableMailAddressResolver":false,"disableRolePrefixing":true},{"$enabled":false,"$id":"hudson.security.LegacySecurityRealm"}]} at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:693) at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:490) at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:486) at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1543) at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:393)Caused: java.lang.reflect.InvocationTargetException at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:405) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:208) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:141) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694) at org.kohsuke.stapler.Stapler.service(Stapler.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:156) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:80) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:159) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92) at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:53) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:85) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:39) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:516) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:386) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) at java.base/java.lang.Thread.run(Thread.java:829)

here is the stack trace. thank you so much for your quick respons

hz hz added a comment - 2021-10-18 05:41 - edited java.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealmjava.lang.IllegalArgumentException: Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:683)Caused: java.lang.IllegalArgumentException: Failed to instantiate class hudson.security.LDAPSecurityRealm from { "value" : "3" , "stapler-class" : "hudson.security.MixingSecurityRealm" , "$class" : "hudson.security.MixingSecurityRealm" , "allowsSignup" : false , "priority" : true , "optional" :[{ "$enabled" : false , "$id" : "hudson.security.SecurityRealm$None" },{ "$enabled" : false , "$id" : "hudson.security.PAMSecurityRealm" , "serviceName" : ""},{" $enabled ": true ," $id ":" hudson.security.LDAPSecurityRealm "," configurations ":{" server ":" ldap: //www.example.com "," rootDN ":" dc=example,dc=com "," inhibitInferRootDN ": false ," userSearchBase ":" OU=User Accounts "," userSearch ":" userPrincipalName={0} "," groupSearchBase ":" OU=Groups "," groupSearchFilter ":" (objectClass=group) "," groupMembershipStrategy ":{" value ":" 0 "," attributeName ":" memberOf "," stapler- class& lt;span class= "code-quote" > ":" jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy "," $ class& lt;span class= "code-quote" > ":" jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy "}," managerDN ":" CN=ci-build-onprembuild,OU=Service Accounts,OU=User Accounts,DC=example,DC=com "," managerPasswordSecret ":" [value redacted] "," $redact ":" managerPasswordSecret "," displayNameAttributeName ":" displayname "," mailAddressAttributeName ":" mail "," ignoreIfUnavailable ": false }," ":[" 0 "," 0 "]," userIdStrategy ":{" stapler- class& lt;span class= "code-quote" > ":" jenkins.model.IdStrategy$CaseInsensitive "," $ class& lt;span class= "code-quote" > ":" jenkins.model.IdStrategy$CaseInsensitive "}," groupIdStrategy ":{" stapler- class& lt;span class= "code-quote" > ":" jenkins.model.IdStrategy$CaseInsensitive "," $ class& lt;span class= "code-quote" > ":" jenkins.model.IdStrategy$CaseInsensitive "}," disableMailAddressResolver ": false ," disableRolePrefixing ": true },{" $enabled ": false ," $id ":" hudson.security.LegacySecurityRealm"}]} at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:693) at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:490) at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:486) at hudson.security.LDAPSecurityRealm$DescriptorImpl.doValidate(LDAPSecurityRealm.java:1543) at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:393)Caused: java.lang.reflect.InvocationTargetException at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:405) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:208) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:141) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694) at org.kohsuke.stapler.Stapler.service(Stapler.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:156) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:80) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:153) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:159) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92) at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:53) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:85) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:39) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:516) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:386) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) at java.base/java.lang. Thread .run( Thread .java:829) here is the stack trace. thank you so much for your quick respons

Kalle Niemitalo added a comment - 2021-10-18 05:27 - edited

Is there a stack trace for this exception? More than just this

at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON("RequestImpl.java":"683)

Kalle Niemitalo added a comment - 2021-10-18 05:27 - edited Is there a stack trace for this exception? More than just this at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON("RequestImpl.java":"683)

hz hz added a comment - 2021-10-18 01:48 - edited

Hi I'd like to ask if you guys have such issue. I need to config mixing security realm to support Jenkins own users database and ldap. if I setup ldap only it verified successfully. but if I config ldap inside mix plugin I got following exception.

I am using java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64 and Jenkins 2.316

"java.lang.IllegalArgumentException":Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm"java.lang.IllegalArgumentException":Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON("RequestImpl.java":"683)Caused":"java.lang.IllegalArgumentException":"Failed to instantiate class hudson.security.LDAPSecurityRealm from"{ "value":"3",
"stapler-class":"hudson.security.MixingSecurityRealm",
"$class":"hudson.security.MixingSecurityRealm",
"allowsSignup":false,
"priority":true,
"optional":[

{ "$enabled":false, "$id":"hudson.security.SecurityRealm$None" }

,

{ "$enabled":false, "$id":"hudson.security.PAMSecurityRealm", "serviceName":"" }

,
{ "$enabled":true,
"$id":"hudson.security.LDAPSecurityRealm",
"configurations":

{ "server":"ldap://www.example.com", "rootDN":"dc=example,dc=com", "inhibitInferRootDN":false, "userSearchBase":"OU=User Accounts", "userSearch":"userPrincipalName=

{0}

",
"groupSearchBase":"OU=Groups",
"groupSearchFilter":"(objectClass=group)",
"groupMembershipStrategy":

{ "value":"0", "attributeName":"memberOf", "stapler-class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy", "$class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy" }

,
"managerDN":"CN=onprembuild,OU=Service Accounts,OU=User Accounts,DC=example,DC=com",
"managerPasswordSecret":"[value redacted]",
"$redact":"managerPasswordSecret",
"displayNameAttributeName":"displayname",
"mailAddressAttributeName":"mail",
"ignoreIfUnavailable":false },
"":[ "0",
"0" ],
"userIdStrategy":

{ "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" }

,
"groupIdStrategy":

{ "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" }

,
"disableMailAddressResolver":false,
"disableRolePrefixing":true },

{ "$enabled":false, "$id":"hudson.security.LegacySecurityRealm" }

]}

hz hz added a comment - 2021-10-18 01:48 - edited Hi I'd like to ask if you guys have such issue. I need to config mixing security realm to support Jenkins own users database and ldap. if I setup ldap only it verified successfully. but if I config ldap inside mix plugin I got following exception. I am using java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64 and Jenkins 2.316 "java.lang.IllegalArgumentException":Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm"java.lang.IllegalArgumentException":Specified type class hudson.security.MixingSecurityRealm is not assignable to the expected class hudson.security.LDAPSecurityRealm at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON("RequestImpl.java":"683)Caused":"java.lang.IllegalArgumentException":"Failed to instantiate class hudson.security.LDAPSecurityRealm from"{ "value":"3", "stapler-class":"hudson.security.MixingSecurityRealm", "$class":"hudson.security.MixingSecurityRealm", "allowsSignup":false, "priority":true, "optional":[ { "$enabled":false, "$id":"hudson.security.SecurityRealm$None" } , { "$enabled":false, "$id":"hudson.security.PAMSecurityRealm", "serviceName":"" } , { "$enabled":true, "$id":"hudson.security.LDAPSecurityRealm", "configurations": { "server":"ldap://www.example.com", "rootDN":"dc=example,dc=com", "inhibitInferRootDN":false, "userSearchBase":"OU=User Accounts", "userSearch":"userPrincipalName= {0} ", "groupSearchBase":"OU=Groups", "groupSearchFilter":"(objectClass=group)", "groupMembershipStrategy": { "value":"0", "attributeName":"memberOf", "stapler-class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy", "$class":"jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy" } , "managerDN":"CN=onprembuild,OU=Service Accounts,OU=User Accounts,DC=example,DC=com", "managerPasswordSecret":" [value redacted] ", "$redact":"managerPasswordSecret", "displayNameAttributeName":"displayname", "mailAddressAttributeName":"mail", "ignoreIfUnavailable":false }, "":[ "0", "0" ], "userIdStrategy": { "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" } , "groupIdStrategy": { "stapler-class":"jenkins.model.IdStrategy$CaseInsensitive", "$class":"jenkins.model.IdStrategy$CaseInsensitive" } , "disableMailAddressResolver":false, "disableRolePrefixing":true }, { "$enabled":false, "$id":"hudson.security.LegacySecurityRealm" } ]}

View 26 older comments

Jenkins

mix LDAP and local Hudson users

Details

Description

Attachments

Issue Links

Activity

People

Dates